Search form

Intel Discloses New Chip Security Flaws

Intel on Tuesday disclosed three more possible flaws in some of its microprocessors that can be exploited to gain access to certain data from computer memory.

The Intyel Core and Xeon processors were among the products that were affected, the company said.

"We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," the company said in a blog post.

Intel also released updates to address the issue and said new updates coupled those released earlier in the year will reduce the risk for users, including personal computer clients and data centers.

In January, the company came under scrutiny after security researchers disclosed flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices Inc and ARM Holdings.

AMD on Tuesday said it was not impacted by the new flaws disclosed by Intel.

The recently identified speculative execution side-channel method is called L1 Terminal Fault (L1TF). This method affects select microprocessor products supporting Intel Software Guard Extensions (Intel SGX) and was first reported to us by researchers at KU Leuven University, Technion - Israel Institute of Technology, University of Michigan, University of Adelaide and Data61. Further research by Intel's security team identified two related applications of L1TF with the potential to impact other microprocessors, operating systems and virtualization software.

All three applications of L1TF are speculative execution side channel cache timing vulnerabilities. In this regard, they are similar to previously reported variants. These particular methods target access to the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next.

The microcode updates that Intel released earlier this year provide a way for system software to clear this shared cache.

Once systems are updated, Intel expects the risk to consumer and enterprise users running non-virtualized operating systems to be low.